Using IFTTT to Express and Enforce UCON Obligations

Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)
Antonio La Marra
Fabio Martinelli
Paolo Mori
Andrea Saracino

If This Then That (IFTTT) is a free and widely used web-based platform where it is possible to create applet chains (Applets) of simple conditional statements that combine different web and smart services. In this paper we propose a methodology to express Usage Control (UCON) obligations in such a way that they can contain valid data in order to trigger such applet chains. The obligations that follow the response of access requests coming from UCON, become a trigger to the IFTTT platform and this enables a more abstract and non application specific mixture of them without each one losing their abstract structure. We will present the architecture and workflow of our approach, also together with a couple of use cases and the evaluation of an implementation of UCON together with a real IFTTT Applet.

ISPEC2019 - The 15th International Conference on Information Security Practice and Experience
Tuesday, November 26, 2019 to Thursday, November 28, 2019